Il 03/01/2023 11:27 CET John Mattsson <john.mattsson=40ericsson.com@xxxxxxxxxxxxxx> ha scritto:- Threat Model: The IETF has failed to update the Internet Threat Model to include compromised endpoints, misbehaving endpoints, and large centralized information sources. This is very disappointing as these things were, and still are major enablers for pervasive monitoring. Assuming compromise is an essential zero trust principle. The excellent IAB document RFC 7624 that talks about compromise and exfiltration deserve much more citations.
There were attempts to do this, and even a dedicated IAB program and mailing list, which was wrapped up without results just a few months ago. I still think this was a big fail; in fact, this implies that counteraction against surveillance capitalism practices can only happen elsewhere, at the regulatory level, as the IETF community either does not know what to do about it, or does not want to do anything about it.
--
Vittorio Bertola | Head of Policy & Innovation, Open-Xchange
vittorio.bertola@xxxxxxxxxxxxxxxx
Office @ Via Treviso 12, 10144 Torino, Italy
